With every major breach we hear statistics in the press about how many records were leaked - millions, tens of millions, maybe more - but it can be difficult to appreciate the scale of these hacking incidents in aggregate. Consider this - in 2015, healthcare breaches in the US, the medical records and personal information belonging to 113M individuals was exposed. That's one in three Americans' names, addresses, Social Security numbers, and medical claims information out in the wild.
This data is alarming in that it represents a massive year-over-year increase, and order of magnitude more than the 12 million breaches in 2014. Bitglass' 2014 prediction was that as chip-and-PIN technologies devalued black market credit card data, the interest in medical records would increase. What we didn't anticipate was how quickly it would happen. Our analysis of data from the US Department of Health and Human Services revealed that hacking and IT-related incidents were far and away the primary cause of breaches, accounting for 111M of the 113M affected records in 2015. In fact, six of the 56 hacking-related breaches last year resulted in over one million leaked records, among them the 78.8M lost in the Anthem breach and the 11M affected by the Premera hack.
Notably, these large-scale breaches go undetected for a surprisingly long time. Healthcare organizations oftentimes don't have the security tools in place to quickly identify and act on potential breaches. Hackers increasingly clever about capturing credentials without alerting the user that they have just been subject to a phishing attack. Domain spoofing and other techniques have proven effective, and so organizations must be proactive about securing data in public cloud apps - using more secure means of authentication, applying DLP to sensitive files, and more.
The need to secure data in public cloud apps both for compliance purposes and to limit exposure has never been more apparent. The hackers are getting smarter, the targets on the backs of healthcare organizations growing, and the value of health records are as high as ever.